DisablePolicyType

Disables an organizational control policy type in a root. A policy of a certain type
can
be attached to entities in a root only if that type is enabled in the root. After
you perform
this operation, you no longer can attach policies of the specified type to that root
or to any
organizational unit (OU) or account in that root. You can undo this by using the EnablePolicyType operation.

This operation can be called only from the organization's master account.

Note

If you disable a policy type for a root, it still shows as enabled for the organization
if all features are enabled in that organization. Use ListRoots to see the
status of policy types for a specified root. Use DescribeOrganization to
see the status of policy types in the organization.

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You don't have permissions to perform the requested operation. The user or role that
is
making the request must have at least one IAM permissions policy attached that grants
the
required permissions. For more information, see Access Management in the
IAM User Guide.

HTTP Status Code: 400

AWSOrganizationsNotInUseException

Your account isn't a member of an organization. To make this request, you must use
the
credentials of an account that belongs to an organization.

HTTP Status Code: 400

ConcurrentModificationException

The target of the operation is currently being modified by a different request. Try
again
later.

HTTP Status Code: 400

ConstraintViolationException

Performing this operation violates a minimum or maximum value limit. For example,
attempting to removing the last service control policy (SCP) from an OU or root, inviting
or
creating too many accounts to the organization, or attaching too many policies to
an account,
OU, or root. This exception includes a reason that contains additional information
about the
violated limit.

Some of the reasons in the following list might not be applicable to this specific
API or
operation:

ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of
accounts in an organization. If you need more accounts, contactAWS Support to request an increase in your
limit.

Or the number of invitations that you tried to send would cause you to exceed the
limit of accounts in your organization. Send fewer invitations or contact AWS Support
to
request an increase in the number of accounts.

Note

Deleted and closed accounts still count toward your limit.

Important

If you get receive this exception when running a command immediately after creating
the organization, wait one hour and try again. If after an hour it continues to fail
with this error, contact AWS
Support.

HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that
you can send in one day.

OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have
in an organization.

OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels
deep.

ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that
requires the organization to be configured to support all features. An organization
that
supports only consolidated billing features can't perform this operation.

POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of policies that
you
can have in an organization.

MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of
policies of a certain type that can be attached to an entity at one time.

MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an
entity that would cause the entity to have fewer than the minimum number of policies
of a
certain type required.

ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts
that you can create in one day.

MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this
organization, you first must migrate the organization's master account to the marketplace
that corresponds to the master account's address. For example, accounts with India
addresses must be associated with the AISPL marketplace. All accounts in an organization
must be associated with the same marketplace.

MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first
provide contact a valid address and phone number for the master account. Then try
the
operation again.

HTTP Status Code: 400

InvalidInputException

The requested operation failed because you provided invalid values for one or more
of the
request parameters. This exception includes a reason that contains additional information
about the violated limit:

Note

Some of the reasons in the following list might not be applicable to this specific
API
or operation:

IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be
modified.

INPUT_REQUIRED: You must include a value for all required parameters.

INVALID_ENUM: You specified a value that isn't valid for that parameter.

INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
characters.

INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one
invalid value.

INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
organization, or email) as a party.

INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from
the response to a previous call of the operation.

INVALID_PATTERN: You provided a value that doesn't match the required pattern.

INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the
required pattern.

INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin
with the reserved prefix AWSServiceRoleFor.

INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN)
for the organization.

INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.

MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the
operation.

MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than
allowed.

MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than
allowed.

MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than
allowed.

MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than
allowed.

MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities
in the same root.

HTTP Status Code: 400

PolicyTypeNotEnabledException

The specified policy type isn't currently enabled in this root. You can't attach policies
of the specified type to entities in a root until you enable that type in the root.
For more
information, see Enabling All Features in Your
Organization in the AWS Organizations User Guide.

HTTP Status Code: 400

RootNotFoundException

We can't find a root with the RootId that you specified.

HTTP Status Code: 400

ServiceException

AWS Organizations can't complete your request because of an internal service error.
Try again
later.

HTTP Status Code: 400

TooManyRequestsException

You've sent too many requests in too short a period of time. The limit helps protect
against denial-of-service attacks. Try again later.